Admins can quickly enable single sign-on (SSO) and allow your users to sign in with their existing login credentials.
If you are using Okta for SSO and provisioning SmartRecruiters user accounts, please follow the Okta SmartRecruiters Integration Guide instead.
In order to perform a full Web SSO set up with SmartRecruiters:
- You should have an Identity Provider (IdP) set up and running and you know how to add a new Service Provider (SP) to the configuration.
- You have integrated your IdP with SmartRecruiters User API in order to sync user profile details in ongoing basis.
- You have an Admin account within SmartRecruiters to access Web SSO configuration.
Web SSO Configuration
To fully enable the SSO capability for your users, you will need to configure the Web SSO information in SmartRecruiters end and in your IdP end.
Configuring in SmartRecruiters
- Navigate to Settings / Admin.
- Select Web SSO under Configuration
- Click Edit Web SSO configuration and enable Web SSO
- Select the Signature Algorithm and Certificate.
- From your IdP metadata, copy your IdP URL and certificate onto your clipboard.
- Paste the IdP URL and certificate respectively onto the bottom half of the SmartRecruiters Web SSO configuration page.
- Save the Web SSO configuration.
Adding new Service Provider in your IdP
There are numbers of different IdPs out in the market and each requires slightly different steps to add Service Provider into its configuration. The general workflow for these IdPs, however, should remain the same as they support the SAML 2.0 standard.
The example steps below are to serve as a general guide to help you to add a new Service Provider in your IdP:
- In your IdP, locate the function or module that manages service providers
- Add a new service provide from SAML 2.0 XML metadata
- In the Web SSO configuration page in SmartRecruiters, click Download SmartRecruiters metadata
- Copy the metadata onto your clipboard
- Paste and import the metadata in your IdP configuration
- Add SmartRecruiters onto the service provider name field and save the configuration.
When you completed the configuration in both SmartRecruiters and in your IdP, you can initiate the SSO log in with the URL:
The SAML certificates which SmartRecruiters uses to enable the SSO functionality have expiration dates and will eventually expire. Prior to the date which the certificates are set to expire, SmartRecruiters will add in a new set of certificates.
To ensure your users can continue to access SmartRecruiters with their existing credentials, you will need to switch to the new certificate by selecting the new certificate on the SmartRecruiters Web SSO configuration page as well as updating the service provider configuration on your IdP end. The exact steps are the same as configuring the Web SSO for the first time.
The latest sets of SmartRecruiters SAML certificates are set to expire by the end of May, 2022.